To the campus community:
By now, you may have seen reports from media and other sources announcing a new vulnerability in Microsoft’s Internet Explorer web browser. The vulnerability could allow a malicious website to take control of a user’s computer through a flaw in the way Internet Explorer renders certain kinds of Adobe Flash code. Microsoft has reported that this vulnerability is beginning to be used in the wild, but has not announced a date for when the vulnerability will be fixed.
ITS has taken steps to secure our campus PCs from this vulnerability. Our network Intrusion Detection System has been updated to block attempts from outside campus to exploit this vulnerability. Our Desktop Application Services team is continuing to research additional security measures that can be deployed to desktops to help block this flaw.
Given that a fix has still not been announced by Microsoft, it is the recommendation of ITS that all users restrict usage of Internet Explorer to trusted internal sites only. For all other web browsing, please consider using an alternative web browser, such as Mozilla Firefox, Google Chrome, or Apple Safari until Microsoft patches Internet Explorer.
To protect your home or other personal machines running Microsoft’s Windows operating system, you may wish to consider taking some of the following actions:
- Use an alternative browser, such as Mozilla Firefox or Google Chrome, for day to day browsing until Microsoft patches Internet Explorer.
- Disable Adobe Flash within Internet Explorer. Newer versions of Windows (such as Windows 8) include Adobe Flash by default whether you install it or not. See Microsoft’s website (http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11) for further details on disabling add-ons within Internet Explorer.
- Enable Internet Explorer’s “Enhanced Protection Mode” (EPM), a feature which became available in newer versions of Internet Explorer. While providing additional protection, this may break other legitimate add-ons and plugins. See Microsoft’s website (http://windows.microsoft.com/en-us/internet-explorer/manage-add-ons#ie=ie-11) for further details on enabling EPM within Internet Explorer.
- If you have not already upgraded from Windows XP, do so as soon as possible. Microsoft will not release a patch for this flaw, as they are no longer supporting the Windows XP operating system.
For additional technical information regarding this vulnerability, please see:
We appreciate your help, and we are committed to protecting campus systems.